Overview

Static analysis (score 8)

Tasks (score badge shown where the report displays one):
- bba367a7b0...18.apk, android-9-x86 (score 6)
- bba367a7b0...18.apk, android-10-x64 (score 7)
- bba367a7b0...18.apk, android-11-x64 (score 7)
- bdxadsdk.apk, android-9-x86 (score 7)
- bdxadsdk.apk, android-10-x64
- bdxadsdk.apk, android-11-x64
- muzhiwanapp.apk, android-9-x86
- muzhiwanapp.apk, android-13-x64 (score 8)
- mzw_d.apk, android-9-x86 (score 7)
- mzw_g.apk, android-9-x86
- mzw_g.apk, android-10-x64
- mzw_g.apk, android-11-x64
- stasdk_core.apk, android-9-x86
- stasdk_core.apk, android-10-x64 (score 7)
- bdxadsdk.apk, android-9-x86 (score 7)
- bdxadsdk.apk, android-10-x64
- bdxadsdk.apk, android-11-x64
- gdtadv2.apk, android-9-x86
- gdtadv2.apk, android-10-x64
- gdtadv2.apk, android-11-x64
Analysis
- Max time kernel: 177s
- Max time network: 190s
- Platform: android_x86
- Resource: android-x86-arm-20240611.1-en
- Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- Submitted: 18-06-2024 11:15
Tasks
- static1 (static task)
- behavioral1: bba367a7b0717a629f10afaedda34708_JaffaCakes118.apk on android-x86-arm-20240611.1-en
- behavioral2: bba367a7b0717a629f10afaedda34708_JaffaCakes118.apk on android-x64-20240611.1-en
- behavioral3: bba367a7b0717a629f10afaedda34708_JaffaCakes118.apk on android-x64-arm64-20240611.1-en
- behavioral4: bdxadsdk.apk on android-x86-arm-20240611.1-en
- behavioral5: bdxadsdk.apk on android-x64-20240611.1-en
- behavioral6: bdxadsdk.apk on android-x64-arm64-20240611.1-en
- behavioral7: muzhiwanapp.apk on android-x86-arm-20240611.1-en
- behavioral8: muzhiwanapp.apk on android-33-x64-arm64-20240611.1-en
- behavioral9: mzw_d.apk on android-x86-arm-20240611.1-en
- behavioral10: mzw_g.apk on android-x86-arm-20240611.1-en
- behavioral11: mzw_g.apk on android-x64-20240611.1-en
- behavioral12: mzw_g.apk on android-x64-arm64-20240611.1-en
- behavioral13: stasdk_core.apk on android-x86-arm-20240611.1-en
- behavioral14: stasdk_core.apk on android-x64-20240611.1-en
- behavioral15: bdxadsdk.apk on android-x86-arm-20240611.1-en
- behavioral16: bdxadsdk.apk on android-x64-20240611.1-en
- behavioral17: bdxadsdk.apk on android-x64-arm64-20240611.1-en
- behavioral18: gdtadv2.apk on android-x86-arm-20240611.1-en
- behavioral19: gdtadv2.apk on android-x64-20240611.1-en
- behavioral20: gdtadv2.apk on android-x64-arm64-20240611.1-en
General
- Target: muzhiwanapp.apk
- Size: 6.8MB
- MD5: 25a12b3e3d69b621f16d6809d57e37ee
- SHA1: 7c3026ac9bef20aa6c274a0ae0b2894ed27a39c6
- SHA256: 63a4443e53422abf80dffa60c088c72921a4d839d4070613427d9165909ea7e6
- SHA512: d04d3fd4fa2d0911f1831b29c5b3031cd45349f8b916a1400a1789751c341272edcdb37b20ba468f759962f1aa7da174a58ced8cfaab1ccefa27dba19b445b47
- SSDEEP: 196608:udfDsgl7Fo3HcMg5+knzUsd3wIm1vM4MY2oNs:eAKm3lO+kz7dg3oGs
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  - ioc: /sbin/su; Process: sh
- Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
  Runs executable file dropped to the device during analysis.
  - ioc: /data/data/com.muzhiwan.market/data/mzw.apk; PID: 4592; Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=47 --oat-fd=50 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
  - ioc: /data/data/com.muzhiwan.market/data/mzw.apk; PID: 4368; Process: com.muzhiwan.market:mzwlogservice
  - ioc: /data/data/com.muzhiwan.market/data/mzw.apk; PID: 4313; Process: com.muzhiwan.market:mult
- Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  - Framework service call android.app.IActivityManager.getRunningAppProcesses; Process: com.muzhiwan.market
  - Framework service call android.app.IActivityManager.getRunningAppProcesses; Process: com.muzhiwan.market:mult
  - Framework service call android.app.IActivityManager.getRunningAppProcesses; Process: com.muzhiwan.market:mzwlogservice
- Queries information about active data network (1 TTPs, 2 IoCs)
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.muzhiwan.market
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.muzhiwan.market:mult
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  - Framework service call android.net.wifi.IWifiManager.getConnectionInfo; Process: com.muzhiwan.market
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  - Framework service call android.app.IActivityManager.registerReceiver; Process: com.muzhiwan.market:mult
Processes
- com.muzhiwan.market (PID 4279)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
- com.muzhiwan.market:mult (PID 4313)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - child: cat /sys/class/net/wlan0/address (PID 4490)
  - child: cat /sys/class/net/wlan0/address (PID 4534)
- com.muzhiwan.market:mzwlogservice (PID 4368)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - child: sh (PID 4506)
    - Checks if the Android device is rooted.
  - child: su (PID 4547)
  - child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=47 --oat-fd=50 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=& (PID 4592)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads